astro-expert
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a memory protocol that establishes an indirect prompt injection surface.
- Ingestion points: The agent is instructed in
SKILL.mdto read content from.claude/context/memory/learnings.mdat the start of every session. - Boundary markers: Absent; there are no delimiters or instructions provided to the agent to treat the ingested memory content as untrusted or to ignore potentially malicious embedded instructions.
- Capability inventory: The skill environment grants access to high-privilege tools including
Bash,Write,Edit, andGrepas defined in the YAML frontmatter. - Sanitization: No sanitization, validation, or integrity checks are performed on the memory file content before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill explicitly instructs the agent to execute a shell command (
cat .claude/context/memory/learnings.md) to retrieve its persistent state, utilizing the high-privilegeBashtool.
Audit Metadata